The annotated tag OpenSSL_1_0_2i has been created
at c3b111de3699ae812738e61c6b01101ea6a12b74 (tag)
tagging 32c130160f7dac2cef5d0e30d94b335e4a87104d (commit)
replaces OpenSSL_1_0_2h
tagged by Matt Caswell
on Thu Sep 22 11:24:53 2016 +0100
- Log -----------------------------------------------------------------
OpenSSL 1.0.2i release tag
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJX47F1AAoJENnE0m0OYESRc3sIAI79tKT3pLjuUua0+24tw8B8
Va/LslUflHIv9Ajt2Zr/erB9eVPBshVdMaTsaoHbYtKsNqHby7BKxmIpUfQQ+0ZQ
YmWOFvHt2r5sUKMSTHldT2rY27M7v9LIIwxOL0BWSQ+odtxFMK8UxWwTBdKDKsaL
c1+SGHiw7m2Eqqkc/RLGM5mc2EflnG0I3UDTMTAazzaev6SPDiN1F+bR3tqI6VMt
DE0+5qYxlmgbJw0ndTUjqj4sH7bv7b3c2mR/DyE7AsrwVvUDq0siYi9BNTNn0aV8
O5sRNsioqdEoZ/o/nil3FIsfdsgnOoOXxUpe69nSBExjsSRpB8IcvUlT3nIFsBA=
=2QfE
-----END PGP SIGNATURE-----
Alessandro Ghedini (1):
Avoid double declaration of COMP_METHOD Reviewed-by: Matt Caswell
<m...@openssl.org> Reviewed-by: Kurt Roeckx <k...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from
https://github.com/openssl/openssl/pull/1083)
Andy Polyakov (16):
rand/randfile.c: remove _XOPEN_SOURCE definition.
hmac/hmac.c: switch to OPENSSL_cleanse.
crypto/mem_clr.c: switch to OPENSSL_cleanse implementation from master.
crypto/mem.c: drop reference to cleanse_ctr and fix no-asm builds.
crypto/sparccpuid.S: limit symbol visibility.
aes/asm/bsaes-armv7.pl: fix XTS decrypt test failure.
aes/asm/bsaes-armv7.pl: omit redundant stores in XTS subroutines.
doc/crypto/OPENSSL_ia32cap.pod: harmonize with actual declaration.
SPARC assembly pack: enforce V8+ ABI constraints.
sha/asm/sha1-x86_64.pl: fix crash in SHAEXT code on Windows.
ec/ecp_nistz256.c: get is_one on 32-bit platforms right.
bn/asm/x86[_64]-mont*.pl: implement slightly alternative page-walking.
ec/asm/ecp_nistz256-x86_64.pl: addition to perform stricter reduction.
ec/ecp_nistz256: harmonize is_infinity with ec_GFp_simple_is_at_infinity.
ec/asm/ecp_nistz256-x86_64.pl: /cmovb/cmovc/ as nasm doesn't recognize
cmovb.
crypto/bn/*: x86[_64] division instruction doesn't handle constants,
change constraint from 'g' to 'r'.
Cesar Pereida (1):
Fix DSA, preserve BN_FLG_CONSTTIME
Cristian Stoica (1):
remove double initialization of cryptodev engine
Cynh (1):
Fix SRP client key computation
David Benjamin (2):
Don't send signature algorithms when client_version is below TLS 1.2.
Don't check for malloc failure twice.
David Woodhouse (4):
Fix SSL_export_keying_material() for DTLS1_BAD_VER
Fix ubsan 'left shift of negative value -1' error in satsub64be()
Add basic test for Cisco DTLS1_BAD_VER and record replay handling
Avoid EVP_PKEY_cmp() crash on EC keys without public component
Dirk Feytons (1):
Fix build with no-cmac
Dmitry Belyavsky (1):
Avoid KCI attack for GOST
Dr. Matthias St. Pierre (1):
RT3925: Remove trailing semi from #define's.
Dr. Stephen Henson (50):
add documentation
Fix double free in d2i_PrivateKey().
Fix name length limit check.
Always try to set ASN.1 parameters for CMS.
Use default ASN.1 for SEED.
Only set CMS parameter when encrypting
Tidy up PKCS12_newpass() fix memory leaks.
Constify PKCS12_newpass()
Only call FIPS_update, FIPS_final in FIPS mode.
Typo.
Add -signcert to CA.pl usage message.
Parameter copy sanity checks.
Don't skip leading zeroes in PSK keys.
Fix link error.
Fix omitted selector handling.
Don't indicate errors during initial adb decode.
Fix print of ASN.1 BIGNUM type.
Check and print out boolean type properly.
Support PKCS v2.0 print in pkcs12 utility.
Send alert on CKE error.
Sanity check in ssl_get_algorithm2().
Clarify digest change in HMAC_Init_ex()
Fix OOB read in TS_OBJ_print_bio().
Send alert for bad DH CKE
Use newest CRL.
Set error if EVP_CipherUpdate fails.
Note cipher BIO write errors too.
Fix CRL time comparison.
Check for overlows and error return from ASN1_object_size()
Check for overflows in ASN1_object_size().
include <limits.h>
Calculate sequence length properly.
Limit status message sisze in ts_get_status_check
Check for overflows in i2d_ASN1_SET()
Limit recursion depth in old d2i_ASN1_bytes function
Leak fixes.
Sanity check input length in OPENSSL_uni2asc().
Check for errors in a2d_ASN1_OBJECT()
Check for errors in BN_bn2dec()
Limit reads in do_b2i_bio()
Sanity check ticket length.
Avoid overflow in MDC2_Update()
Fix memory leak on error.
Fix memory leak on error.
Fix memory leak on realloc error.
update default dependencies
Fix small OOB reads.
Remove unnecessary check.
Use SSL3_HM_HEADER_LENGTH instead of 4.
Make message buffer slightly larger than message.
FdaSilvaYY (2):
Fix some missing inits
Fix a few leaks in X509_REQ_to_X509. Fix a possible leak on
NETSCAPE_SPKI_verify failure.
John Foley (1):
RT3752: Add FIPS callback for thread id
Jonas Maebe (1):
cryptodev_asym, zapparams: use OPENSSL_* allocation routines, handle
errors
Kazuki Yamaguchi (1):
Fix overflow check in BN_bn2dec()
Kurt Roeckx (2):
Return error when trying to print invalid ASN1 integer
Fix off by 1 in ASN1_STRING_set()
Marcus Meissner (1):
initialize the RSA struct to 0.
Matt Caswell (49):
Prepare for 1.0.2i-dev
Fix BIO_eof() for BIO pairs
Fix SSL compression symbol exporting
Remove repeated condition from if in X509_NAME_oneline
Fix a double free in tls1_setup_key_block
Check that the obtained public key is valid
Fix error return value in SRP functions
Fix a mem leak on an error path in OBJ_NAME_add()
The ssl3_digest_cached_records() function does not handle errors properly
Check for malloc failure in EVP_PKEY_keygen()
Avoid some undefined pointer arithmetic
Update CONTRIBUTING
BIO_printf() can fail to print the last character
Fix documentation error in x509 app certopt flag
More fix DSA, preserve BN_FLG_CONSTTIME
Fix BN_mod_word bug
Add a BN_mod_word test()
Fix seg fault in TS_RESP_verify_response()
Fix an error path leak in do_ext_nconf()
Fix an error path leak in int X509_ATTRIBUTE_set1_data()
Revert "RT4526: Call TerminateProcess, not ExitProcess"
Fix ASN1_STRING_to_UTF8 could not convert NumericString
Ensure HMAC key gets cleansed after use
Change usage of RAND_pseudo_bytes to RAND_bytes
Convert memset calls to OPENSSL_cleanse
Avoid an overflow in constructing the ServerKeyExchange message
Disallow multiple protocol flags to s_server and s_client
Back port ssltestlib code to 1.0.2
Add a DTLS unprocesed records test
Fix DTLS unprocessed records bug
Add DTLS replay protection test
Fix DTLS replay protection
Update function error code
Silence some "maybe used uninitialised" warnings
Fix DTLS buffered message DoS attack
Prevent DTLS Finished message injection
Fix no-ec
Fix the no-tls1 option
SRP_create_verifier does not check for NULL before OPENSSL_cleanse
Ensure the CertStatus message adds a DTLS message header where needed
Abort on unrecognised warning alerts
Add some sanity checks around usage of t_fromb64()
Revert "Abort on unrecognised warning alerts"
Fix a missing NULL check in dsa_builtin_paramgen
Don't allow too many consecutive warning alerts
Fix OCSP Status Request extension unbounded memory growth
Fix a mem leak in NPN handling
Updates CHANGES and NEWS for new release
Prepare for 1.0.2i release
Orgad Shaneh (1):
Fix compilation with CMS disabled
Pauli (1):
RT4573: Synopsis for RAND_add is wrong
Phillip Hellewell (1):
RT3053: Check for NULL before dereferencing
Rich Salz (21):
GH837: Avoid double-free in OCSP parse.
Recommend GH over RT, per team vote.
RT4560: Initialize variable to NULL
RT4562: Backport doc fix.
RT4546: Backport doc fix
RT4526: Call TerminateProcess, not ExitProcess
RT4545: Backport 2877 to 1.0.2
RT2964: Fix it via doc
Revert "RT2964: Fix it via doc"
RT2964: Fix it via doc
Add missing casts.
Fix NULL-return checks in 1.0.2
RT3940: For now, just document the issue.
Fix incorrect return argument.
Fix pointer/alloc prob from previous commit
RT2676: Reject RSA eponent if even or 1
SWEET32 (CVE-2016-2183): Move DES from HIGH to MEDIUM
Misc BN fixes
Make update
GH1555: Don't bump size on realloc failure
Dcoument -alpn flag
Richard Levitte (54):
Check return of PEM_write_* functions and report possible errors
Add NULL check in i2d_PrivateKey()
Use RPMBUILD macros rather than hard coded paths in openssl.spec
Windows: Add CRYPT32.LIB to the libraries to link your app with
Documentation: Clarify sizes for UI_add_input_string()
Add support for RC / WINDRES env variables
Add missing initialiser in e_chil.c
Don't require any length of password when decrypting
Make it possible to have RFC2254 escapes with ASN1_STRING_print_ex()
make update
Document the esc_2254 command line name option
Refresh seldom used C generating scripts to current C standard
Run the refreshed scripts
Fix util/mkerr.pl
Cleanup openssl.ec
Revert "Make it possible to have RFC2254 escapes with
ASN1_STRING_print_ex()"
Revert "make update"
Revert "Document the esc_2254 command line name option"
openssl verify: only display the command usage on usage errors
Always check that the value returned by asn1_do_adb() is non-NULL
Change (!seqtt) to (seqtt == NULL)
apps/req.c: Increment the right variable when parsing '+'
Fix missing opening braces
Check that the subject name in a proxy cert complies to RFC 3820
Fix proxy certificate pathlength verification
Allow proxy certs to be present when verifying a chain
Fix ASN.1 private encode of EC_KEY to not change the input key
Remove the silly CVS markers from LPdir_*.c
Don't check any revocation info on proxy certificates
make update to have PEM_R_HEADER_TOO_LONG defined
VMS: synchronise tests with Unix
evp_test.c: avoid warning from having a pointer difference returned as int
VSI submission: avoid pointer size warnings in mem.c
VSI submission: make better use of item lists in o_time.c
VSI submission: RAND fixups
Have dtlstest run on VMS as well
ssltestlib: Tell compiler we don't care about the value when we don't
Make 'openssl req -x509' more equivalent to 'openssl req -new'
GOST: rearrange code so it's more like C rather than C++
VMS: Use strict refdef extern model when building library object files
mk1mf: dtlstest needs ssltestlib, include it with a hack
Improve the definition of STITCHED_CALL in e_rc4_hmac_md5.c
If errno is ENXIO in BSS_new_file(), set BIO_R_NO_SUCH_FILE
Add enginesdir to libcrypto.pc pkg-config file
VMS: only use _realloc32 with /POINTER_SIZE=32
VSI submission: redirect terminal input through socket
Add copyright and license on apps/vms_term_sock.[ch]
Remove entirely unnecessary pointer size guards
Reformat to fit OpenSSL source code standards
Refactor to avoid unnecessary preprocessor logic
Finally, make sure vms_term_sock.c is built
RT4669: dgst can only sign/verify one file
apps/apps.c: include sys/socket.h to declare recv()
mk1mf.pl: check for no-tls1 here as well
Steven Valdez (1):
Adding missing BN_CTX_(start/end) in crypto/ec/ec_key.c
Todd Short (2):
OCSP_request_add0_id() inconsistent error return
Always use session_ctx when removing a session
Viktor Dukhovni (3):
Fix i2d_X509_AUX and update docs
Clarify negative return from X509_verify_cert()
Ensure verify error is set when X509_verify_cert() fails
isnotnick (1):
RT3513: req doesn't display attributes using utf8string
-----------------------------------------------------------------------
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
